A: XSS is a web application vulnerability that allows attackers to inject malicious code into the local machine of a user browsing the insecure web application. The attacker will create a phishing email that contains a link to a vulnerable web site. Inside the link will be special commands, often including application code such as JavaScript. When the user clicks on the link the special code is sent to the vulnerable web site, which echoes back the code to the local user's web browser. Depending on the contents of the special code, various attacks can be performed on the local user's PC. Stealing cookies and downloading malware and viruses are often performed via this attack.
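The answer above describes the reflected form of XSS: a value carried in the link is echoed back into the page unchanged. The following is an added example, not code from the original answer, showing the echoing sink that makes this possible in a Node.js page template and the output-encoding fix that closes it. The function names (`renderSearchVulnerable`, `renderSearchSafe`, `escapeHtml`) and the sample query value are constructed for illustration.

```javascript
// Added example (not from the original answer): a reflected XSS sink in a
// page template, and the same template hardened with HTML output encoding.
// Plain Node.js, no dependencies.

// Vulnerable: the untrusted query-string value is concatenated straight into
// the HTML, so any markup it contains is interpreted by the browser.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value. This is context-specific: it is correct for
// HTML body and attribute contexts, not for inserting into a <script> block
// or a URL, which need their own encoders.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: identical page, but the untrusted value is encoded for the HTML
// context it lands in, so the browser renders it as text rather than markup.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Simple defender-side check, useful in a unit test or a response-scanning
// rule: does the rendered page still contain a live <script> opening tag?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the kind of value a crafted link would place in
// the query string that the vulnerable page echoes back.
const sampleQuery = '<script>alert(1)</script>';

// Stand-alone demonstration of both renderings.
console.log('vulnerable:', renderSearchVulnerable(sampleQuery));
console.log('hardened:  ', renderSearchSafe(sampleQuery));
console.log('script tag survives in vulnerable output:', containsLiveScriptTag(renderSearchVulnerable(sampleQuery)));
console.log('script tag survives in hardened output:  ', containsLiveScriptTag(renderSearchSafe(sampleQuery)));
```

Output encoding at the point where untrusted data is written into the page is the primary fix; a Content-Security-Policy header that disallows inline script is a useful second layer, since it stops the echoed script from executing even if an encoding step is missed somewhere.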